DSA and ECC (was: Looking for Elgamal sign+encrypt key information)

David Shaw dshaw at jabberwocky.com
Wed Mar 24 02:01:41 CET 2004

Hash: SHA256

On Tue, Mar 23, 2004 at 02:28:52PM +0100, Per Tunedal Casual wrote:
> At 05:01 2004-03-22, you wrote:
> >Len Sassaman wrote:
> >
> >One of the given reasons for incorporation of rDSA
> >and ECDSA into the new DSS is the key length restriction of DSA.  If DSA
> >falls into disuse, then without rDSA or ECDSA, there will be no
> >signature standard in OpenPGP at all.
> >
> The current DSA will in a few years time be depreciated because of too 
> short signing keys. What's the reason not to include rDSA i OpenPGP? I 
> think it's important to have a modern signature standard in OpenPGP. 
> Products bases on OpenPGP cannot be marketed to e.g. US government if 
> standard algos are missing.
> I don't know the reasons why the new DSS doesn't include the "old" RSA 
> signature algo (used in OpenPGP), but rather the new rDSA. The difference 
> seems to be that the new rDSA is using an other hash, MDC-2 (patented). 
> What's the advantage?
> If MDC-2 is applied with DES as block cipher the hash is only 2x64=128 
> bits. Is this what is stated in the new DSS (ANSI X-9.31)? I thought a 
> longer hash would be needed to make any use of longer signing keys. With 
> the "old" RSA signature algo a much longer hash can be used e.g. the 
> forthcoming SHA-256.

What do you mean forthcoming? ;)

Seriously, though, there is no reason why rDSA can't someday be added
to OpenPGP.  OpenPGP is very extensible and we're not even close to
running out of algorithm numbers.  That said, there is no particular
reason I've seen to add it *now*.  We should never add algorithms just
because they are available.

Version: GnuPG v1.3.6-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc


More information about the Gnupg-users mailing list